如破折号-o所述,您必须重新设置日期。 date命令可以做到这一点。
为避免对每个IP的日志文件进行昂贵的扫描,您还可以按IP和时间对日志文件进行排序。
最后,对于生成输出,awk是最好的工具。
尝试一下:
#!/bin/bash
logfile="messages"
while read line; do # reformat output of log file
day=$(date -d "${line:0:6}" +%Y-%m-%d)
hour=${line:7:8}
ip=$(echo "$line" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}')
echo $ip $day $hour
# output IP,day and hour,space separated
done < $logfile |
# sort this output,first by IP,then by date and time
sort |
# redirect sorted output to awk to format results
awk '
{
if ($1 != current_ip) {
if (last_datatime) {
print "last datatime: " last_datatime;
print " "; /* empty line before new IP,remove code if not needed */
}
current_ip = $1;
print current_ip;
print "first datatime: "$2" "$3;
}
last_datatime = $2" "$3;
}
END {
print "last datatime: "last_datatime;
}'
,
假设您的日志文件与每个IP的几行一致。
我们可以使用以下awk脚本:
不需要排序,时间戳按它们在每个IP中在日志中注册的顺序排列。 ip行可以混合。
从问题上讲,年份未输入,对当前年份进行硬编码。
使用输入变量更好地传递currYear! awk -v currYear=2019 -f script.awk input.log
script.awk
BEGIN { # pre processing before reading input file
currYear=2019; # hard code the current year,better provide as an input variable
# define array for 12 months
months["Jan"]="01";months["Feb"]="02";months["Mar"]="03";months["Apr"]="04";months["May"]="05";months["Jun"]="06";months["Jul"]="07";months["Aug"]="08";months["Sep"]="09";months["Oct"]="10";months["Nov"]="11";months["Dec"]="12";
}
/DHCPREQUEST/ { # process only lines having "DHCPREQUEST"
ip = $10; # extract ip variable from 10nth input
if (ip in seenIpArr) { # if ip was seen already
lastSeenIpArr[ip]++; # increment counter array for each seen ip,in lastSeenIpArr array
} else { # if first time seeing this ip
seenIpArr[ip] = lastSeenIpArr[ip] = 1; # register this ip in seenIpArr,reset this ip lastSeenIpArr to 1
}
ipTimeArr[ip,lastSeenIpArr[ip]] = $1OFS$2OFS$3; # save the current ip timestamp
}
END { # post processing after reading input file
for (i in seenIpArr) { # for each seen ip (not ordered)
printf ("%s%s%s",ORS,i,ORS); # print newline,current ip,newline
split(ipTimeArr[i,1],a); # split the current ip first timestamp fields into array a
printf ("first datatime: %d-%d-%02d %s%s",currYear,months[a[1]],a[2],a[3],ORS); # print the formated timestamp
split(ipTimeArr[i,lastSeenIpArr[ip]],a); # split the current ip last timestamp fields into array a
printf ("last datatime: %d-%d-%02d %s%s",ORS); # print the formated timestamp
}
}
input.log
Nov 9 09:38:45 jenkins dhclient[921]: DHCPREQUEST on eth0 to 192.168.0.100 port 67 (xid=0x2edb1fe2)
Nov 9 09:38:45 jenkins dhclient[921]: DHCPACK from 192.168.0.100 (xid=0x2edb1fe2)
Nov 9 09:38:47 jenkins dhclient[921]: bound to 192.168.0.11 -- renewal in 6195 seconds.
Nov 9 07:38:45 jenkins dhclient[921]: DHCPREQUEST on eth0 to 192.168.0.101 port 67 (xid=0x2edb1fe2)
Nov 9 07:38:45 jenkins dhclient[921]: DHCPACK from 192.168.0.101 (xid=0x2edb1fe2)
Nov 9 07:38:47 jenkins dhclient[921]: bound to 192.168.0.11 -- renewal in 6195 seconds.
Nov 9 09:38:46 jenkins dhclient[921]: DHCPREQUEST on eth0 to 192.168.0.100 port 67 (xid=0x2edb1fe2)
Nov 9 09:38:46 jenkins dhclient[921]: DHCPACK from 192.168.0.100 (xid=0x2edb1fe2)
Nov 9 09:38:48 jenkins dhclient[921]: bound to 192.168.0.11 -- renewal in 6195 seconds.
Nov 9 11:22:02 jenkins dhclient[921]: DHCPREQUEST on eth0 to 192.168.0.100 port 67 (xid=0x2edb1fe2)
Nov 9 11:22:02 jenkins dhclient[921]: DHCPACK from 192.168.0.100 (xid=0x2edb1fe2)
Nov 9 09:39:45 jenkins dhclient[921]: DHCPREQUEST on eth0 to 192.168.0.101 port 67 (xid=0x2edb1fe2)
Nov 9 09:39:45 jenkins dhclient[921]: DHCPACK from 192.168.0.101 (xid=0x2edb1fe2)
Nov 9 09:39:47 jenkins dhclient[921]: bound to 192.168.0.11 -- renewal in 6195 seconds.
runnig:
awk -f script.awk input.log
输出:
192.168.0.100
first datatime: 2019-11-09 09:38:45
last datatime: 2019-11-09 09:38:46
192.168.0.101
first datatime: 2019-11-09 07:38:45
last datatime: 2019-11-09 09:39:45
本文链接:https://www.f2er.com/3100622.html
